Add security locks to Windows 7 with AppLocker

  
        

Enable AppLocker: don't forget to start the service

First, right-click Computer, select "Manage → Service", find the "Application Identity" service and set it to start automatically. This step is very important because AppLocker only takes effect if this service is set to start automatically.

Then type "gpedit.msc" in the Start menu search box to launch the Group Policy Editor. Expand Computer Configuration → Windows Settings → Security Settings → Application Control Policy, and you will see a setting item called AppLocker.

After selecting this item, the right pane shows three rule types: "executable rules", "Windows installer rules" and "script rules" (as shown in Figure 1). Right-click a rule type to create a new rule of that type according to your needs.

Tip: The first time you use AppLocker, you must restart your computer after the configuration is complete for the policy to take effect.
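The same setup can be checked from an elevated PowerShell prompt. The script below is an added example, not part of the original article: it sets the Application Identity service (service name AppIDSvc) to start automatically, starts it, and summarises the rule collections in the effective AppLocker policy. It is written for the PowerShell 2.0 that ships with Windows 7.

```powershell
# Added example, not from the original article. Run from an elevated prompt.
Import-Module AppLocker

# "Application Identity" is the display name; the service name is AppIDSvc.
$svc = Get-WmiObject Win32_Service -Filter "Name='AppIDSvc'"
if ($svc.StartMode -ne 'Auto') {
    Set-Service -Name AppIDSvc -StartupType Automatic
}
if ($svc.State -ne 'Running') {
    Start-Service -Name AppIDSvc
}

# Re-read the service so the report reflects the state after the changes.
$svc = Get-WmiObject Win32_Service -Filter "Name='AppIDSvc'"
"AppIDSvc: StartMode={0}, State={1}" -f $svc.StartMode, $svc.State

# Summarise the effective policy: one row per rule collection
# (Exe, Msi, Script, Dll) with its enforcement mode and rule count.
[xml]$policy = Get-AppLockerPolicy -Effective -Xml
$collections = @($policy.AppLockerPolicy.RuleCollection) | Where-Object { $_ }
if (-not $collections) {
    "No AppLocker rule collections are configured on this computer."
} else {
    $collections | ForEach-Object {
        $rules = @($_.ChildNodes | Where-Object { $_.NodeType -eq 'Element' })
        New-Object PSObject -Property @{
            Collection  = $_.Type
            Enforcement = $_.EnforcementMode
            RuleCount   = $rules.Count
        }
    } | Format-Table Collection, Enforcement, RuleCount -AutoSize
}
```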

A first test: leave flash-drive viruses with nothing to do

We often use flash drives to transfer or share files. But flash-drive viruses are now rampant and often cause our systems to be infected repeatedly. We can use AppLocker to create a rule that prevents flash-drive viruses from damaging the system. One of the key files for flash-drive virus propagation is "AutoRun.inf", so you only need to prevent this file from running.

First, select "Script Rule" in the list in the left window, then right-click in the right window and select the "Create New Rule" command. The system opens the "Create Script Rule" window. Select "Reject" under "Action", select "Everyone" under "Users or Groups", and click the "Next" button. Select the "Path" option as the rule condition and click "Next". Type "?:\AutoRun.inf" in the "Path" box (as shown in Figure 2) and click "Next" again. No further settings are required, so just click the "Create" button to finish creating the rule. Now when you plug in a flash drive, the system will not be infected through the drive's auto-run.

Tip: With the above settings, the auto-run function of both flash drives and discs is disabled. If you only want to disable auto-run for the flash drive, specify the drive letter of the flash drive instead. In addition to the absolute path of a file or folder, AppLocker can also use a relative path or a system variable. For example, "%WINDIR%" represents the location of the operating system directory, and "%TEMP%" represents the current system default temporary directory.

Advanced application: protecting system file security

Computer viruses today are pervasive; even if you are careful, you may be caught. Many viruses exploit the fact that Windows "over-trusts" files in its own directories in order to run or to infect system files, so we can write a rule that prohibits virus executables from running in the system directory. The principle is very simple: you only need to prohibit every program file in the Windows directory except the system's own executable files.

Similarly, create a new executable rule in the right window. Select "Reject" under "Action", select "Everyone" under "User or Group", and click the "Next" button. Select the "Path" option as the rule condition, and enter "%WINDIR%\*.exe" in the "Path" box. Then select "Publisher" in the "Exceptions" window and click the "Add" button. Click the "Browse" button in the pop-up window and select any Microsoft program file, then move the slider to the "Publisher" position (as shown in Figure 3) and click the "OK" button to confirm the settings. The publisher's information now appears in the "Exceptions" list. Finally, click the "Create" button to complete the rule.

Hint: Because Microsoft is excepted as a publisher, all the software that ships with the system in the system directory runs normally, while a virus or Trojan cannot run even if it sneaks into the system directory. Naturally, it cannot tamper with system files or harm the security of the system and its users. The path or file name in a rule can also use wildcards, which makes it easy to cover a certain type of file: "?:\*.exe" means any executable file in any directory, and "D:\*" means any file on the D drive. However, this operation requires some computer knowledge, and novices should use it with caution!
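The rule described above can also be written as AppLocker policy XML and evaluated with Test-AppLockerPolicy before it is applied. This is an added example, not part of the original article; the rule name, the temporary file name, the AuditOnly mode and the publisher string (the value the wizard typically records for Microsoft-signed files) are assumptions of the example.

```powershell
# Added example, not from the original article.
Import-Module AppLocker

$ruleId = [guid]::NewGuid().ToString()   # constructed rule Id
$xml = @"
<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="AuditOnly">
    <FilePathRule Id="$ruleId" Name="Deny EXE under WINDIR except Microsoft-signed"
                  Description="Constructed example" UserOrGroupSid="S-1-1-0" Action="Deny">
      <Conditions>
        <FilePathCondition Path="%WINDIR%\*.exe" />
      </Conditions>
      <Exceptions>
        <FilePublisherCondition ProductName="*" BinaryName="*"
            PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US">
          <BinaryVersionRange LowSection="*" HighSection="*" />
        </FilePublisherCondition>
      </Exceptions>
    </FilePathRule>
  </RuleCollection>
</AppLockerPolicy>
"@

# S-1-1-0 is the well-known SID for Everyone.
$policyFile = Join-Path $env:TEMP 'windir-deny-test.xml'
Set-Content -Path $policyFile -Value $xml -Encoding UTF8

# Evaluate the candidate policy against sample files without applying it.
# An exception only removes a file from the Deny rule; the file still needs
# an Allow rule in the same collection. With no Allow rule present, such a
# file is reported as DeniedByDefault rather than Allowed.
$samples = "$env:WINDIR\notepad.exe", "$env:WINDIR\System32\cmd.exe"
Test-AppLockerPolicy -XmlPolicy $policyFile -Path $samples -User Everyone |
    Format-Table FilePath, PolicyDecision, MatchingRule -AutoSize

# To merge the rule into the local policy after reviewing the results:
# Set-AppLockerPolicy -XmlPolicy $policyFile -Merge
```

AuditOnly logs what the rule would block without blocking it, which makes it possible to confirm the effect on system programs before switching the collection to Enabled.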

Extended application: restricting known programs from running

In fact, in addition to active virus defense, AppLocker can also be used to restrict known programs from running!

For example, if you need to stop your child from running a certain game, you can create AppLocker rules to prevent the game from running. If the game does not need to be installed, a "path" rule obviously cannot stop the child from moving the game to another directory and running it there. That does not matter: just create a "file hash" rule. Then, no matter where the game is moved, the rule blocks the file as long as its file hash has the same value.
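The following added example (not part of the original article) shows a file hash rule following a file to a new location and name. The "game" is a constructed stand-in, a copy of notepad.exe placed in two hypothetical temporary folders, and the policy is only evaluated, not applied.

```powershell
# Added example, not from the original article.
Import-Module AppLocker

# Constructed stand-in for the game: the same file in two folders, one renamed.
$dirA = Join-Path $env:TEMP 'applocker-demo-a'
$dirB = Join-Path $env:TEMP 'applocker-demo-b'
New-Item -ItemType Directory -Path $dirA, $dirB -Force | Out-Null
Copy-Item "$env:WINDIR\notepad.exe" "$dirA\game.exe" -Force
Copy-Item "$dirA\game.exe" "$dirB\renamed.exe" -Force

# New-AppLockerPolicy generates Allow rules only, so build the hash rule
# from the file and then switch its Action to Deny in the XML.
[xml]$doc = Get-AppLockerFileInformation -Path "$dirA\game.exe" |
    New-AppLockerPolicy -RuleType Hash -User Everyone -Xml
foreach ($rule in $doc.SelectNodes('//FileHashRule')) {
    $rule.SetAttribute('Action', 'Deny')
}
$policyFile = Join-Path $env:TEMP 'deny-game-hash.xml'
$doc.Save($policyFile)

# Both copies have the same hash, so both match the Deny rule
# regardless of folder or file name.
Test-AppLockerPolicy -XmlPolicy $policyFile `
    -Path "$dirA\game.exe", "$dirB\renamed.exe" -User Everyone |
    Format-Table FilePath, PolicyDecision, MatchingRule -AutoSize

# Remove the demo folders when finished.
Remove-Item $dirA, $dirB -Recurse -Force
```

Because the rule matches on the file's hash, a different version of the same program has a different hash and needs its own rule.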

In addition, we store some important files on our computers. To prevent others from modifying them, you can use AppLocker to create rules that protect these files. The method is very simple: just temporarily disable the programs that open these files.

As this introduction shows, AppLocker can protect system files well and so avoid damage to system files caused by computer viruses. As long as the system files are intact, even if a virus infects certain applications, it will not affect the normal operation of the system. In that case, you can use anti-virus software to easily remove the virus. How about it? Try it out!

Comment: AppLocker is a new feature in Win 7, and there is no such option in the control panel, so many users do not understand what it does or do not even know it exists. In fact, flexible use of AppLocker can effectively manage how users run all types of application files, including executable files, script files, program installation files and dynamic link library files, and can protect system files well, without fear of damage from unknown viruses. In addition, combining AppLocker rules flexibly can achieve more. For example, only users with certain permissions are allowed to run a certain program, or only a certain user can run certain software or the existing software in a certain directory.

AppLocker Q & A

Q: What if my main programs are not installed in the system directory but I want to protect them?
A: Very simple: create rules, add your program or its installation directory, and then make specific settings in the "Exceptions" list of the "Reject" rule as needed.

Q: What if some software is not in the allowed directory or not in the exception list?
A: That is also very simple: just right-click and run as administrator.

Q: Some software needs write permission to certain files, or generates new files (such as downloads). What should I do?
A: Give "Authenticated Users" full control rights on the relevant directories and files.
